Google relents—adds system password prompt before displaying web passwords

Nov 05, 2013 by Bob Yirka weblog

(Phys.org) —This past summer it was widely reported that Google Chrome had a web security flaw—all of the passwords that were saved for various web sites could be displayed by anyone gaining physical access to a computer, by typing in a simple command. That prompted a lot of people to criticize Google for its lackadaisical approach to web security for its user community. Google defended itself by noting that if someone gained physical access to someone else's computer and were able to use their Chrome browser, they would be able to access all of the web sites that the original owner had saved anyway (because the login and passwords would be filled in automatically), regardless of whether they could see the passwords, which were stored on the local hard drive in plain text.

Now it appears that Google has had a change of heart, at least as it applies to Mac users—Chromium developer François Beaufort has announced on his Google+ page that Google has implemented a "fix" for the problem for users of the Chromium Build for Mac. Now, if a sneaky person gains physical access to someone else's computer and tries to get the browser to show all of the saved , they will be prompted to first type in the Mac OS password. Of course, that still won't stop them from visiting and logging in automatically (because the passwords have still been saved after all) to whatever web sites they find in the list of favorites, their history, etc.

It's not clear why Google had a change of heart, or if the change will be made to Google Chrome (Windows) or if it will, how long that might take. Last summer, company reps said making such a change to Chrome would give users a false sense of security. They suggested that users lock their computer when away from the keyboard to give themselves a true security system.

It's clear that forcing users to type in a system password will prevent miscreants from quickly printing out a list of logins/passwords—whether it will also lull them into a false of remains to be seen—at least for Mac users.

Explore further: FBI: Surveillance tools in jeopardy amid Patriot Act debate

Related Stories

Google vision of password rings heard at security event

Mar 13, 2013

(Phys.org) —Google finds much appeal in gaining the distinction of leading the way toward a future where USB sticks and rings can replace traditional passwords. The idea of killing off passwords has been ...

Recommended for you

AP sources: IRS believes identity thieves from Russia

May 27, 2015

IRS investigators believe the identity thieves who stole the personal tax information of more than 100,000 taxpayers from an IRS website are part of a sophisticated criminal operation based in Russia, two ...

Subway riders' smartphones could carry tracking malware

May 26, 2015

Millions of city dwellers with smartphones in hand, pocket or bag, use trains to get around night and day, seven days a week. The incoming message from three researchers in China is that an attacker could ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

evropej
1 / 5 (6) Nov 05, 2013
Logging into a site is one thing, getting the password to log in from any pc is another. This is what happens when you get so big and go from technology development to groogling the world with spam.
Zera
1 / 5 (6) Nov 05, 2013
check out lightbeam - google sits at the centre of just about every interaction you have with the "web"
Ducklet
1 / 5 (5) Nov 05, 2013
The password has to be available in plaintext anyway, at some point, or the browser won't be able to auto-fill it.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.